Renewal; Revocation - Netscape MANAGEMENT SYSTEM 6.2 - ADMINISTRATOR Administrator's Manual

How The Certificate Manager Works

Renewal

The Certificate Manager allows for the renewal of certificates. Certificates can be
renewed if the policies associated with renewal are enabled and if the request
meets the criteria of those policies. The Certificate Manager is set up for a single
method of renewal. All requests are made to the renewal page of the end-entity
interface. The end entity presents their old certificate, and if they meet the policies
for renewal, a new certificate is issued with the validity period set up in the
renewal policies.

Whether you set up renewals as renewals, or have end entities renew certificates as
an enrollment request, you can set up automated notifications that send an
email to users at some period before their certificate expires, for a predefined
interval of time. You set this up by enabling the jobs feature, enabling and
configuring the Certificate Renewal job, and customizing the certificate renewal email
template.

Revocation

An end entity can request that their own certificate be revoked.
When an end entity makes the request, they are asked to present their certificate. If
they have the certificate and the key materials, the request is processed and sent to
the Certificate Manager and the certificate is revoked. Once approved, the signed
request is sent to the Certificate Manager and the certificate is revoked. The
Certificate Manager marks the certificate as revoked in its database, and adds it to
any CRLs that are applicable.

An agent can revoke any certificate issued by the Certificate Manager. They do this
by searching for the certificate in the agent services interface and then marking it
revoked.

Once a certificate is revoked, it is marked revoked in the database, and in the
publishing directory if the Certificate Manager is set up for publishing.

If you enabled and configured the internal OCSP service, the service determines
the status of certificates by looking them up in the internal database and reporting
on the status of the certificate.

You can set up automated notifications that send an email message to the end
entity when their certificate is revoked. You set this up by enabling and
configuring the Certificate Revoked notification message, and customizing the
email template associated with this notification.

Chapter 3
Certificate Manager